CN107346284B - Application program detection method and detection device - Google Patents


Publication number
CN107346284B
Authority
CN
China
Prior art keywords
api
private
target
detected
application program
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610293162.8A
Other languages
Chinese (zh)
Other versions
CN107346284A (en)
Inventor
林桠泉
伍惠宇
马传雷
胡珀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201610293162.8A
Publication of CN107346284A
Application granted
Publication of CN107346284B


Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3604Software analysis for verifying properties of programs
    • G06F11/3616Software analysis for verifying properties of programs using software metrics

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the invention discloses a detection method of an application program, which comprises the following steps: acquiring an application program to be detected; extracting a private application programming interface API from the software development kit SDK through a symbol list tool nm; extracting a target API in the application program to be detected; and if the target API extracted from the application program to be detected is consistent with the private API extracted from the SDK, determining the target API as the private API of the application program to be detected. The embodiment of the invention also provides a detection device. According to the embodiment of the invention, the nm tool replaces the existing class-dump tool to obtain the private API in the SDK, so that the detection process is more stable, and the accuracy of detecting the private API is improved.

Description

Application program detection method and detection device
Technical Field
The present invention relates to the field of communications, and in particular, to a method and an apparatus for detecting an application.
Background
Because Apple applies a strict application review mechanism, an application found to use a private Application Programming Interface (API) is forcibly removed from the Apple App Store or refused listing in it.
Currently, open source tools exist to help audit private APIs by extracting a list of private APIs according to the following formula:
private API = (APIs in the header files generated by class-dump from the Framework libraries (APIs in the Framework header files = documented APIs + undocumented APIs)) + PrivateFramework APIs
A script that extracts the APIs automatically is then written to obtain the private API list.
However, the existing open-source tools for private APIs can be unstable and error-prone; FIG. 1 is a schematic diagram of the interface showing a system error report when detecting private APIs in the prior art. In addition, the above formula is not completely correct. First, because there are private classes in the Framework and public classes in the PrivateFramework, extracting private APIs strictly according to the formula causes many public functions to be mistaken for private APIs, so the result has a high false alarm rate. Second, because detection can be avoided by adding a character string in the private API, private API detection results are omitted, the false alarm rate is increased, and the integrity of the detection result suffers. FIG. 2 is a schematic diagram of the interface shown in the prior art when the private APIs of an application cannot be detected: when the class-dump tool is used to detect multiple private APIs, the interface shown in FIG. 2 may appear and no result is produced. Clearly, the class-dump tool cannot fully satisfy the function of detecting private APIs.
Disclosure of Invention
The embodiment of the invention provides a detection method and a detection device of an application program, the detection device replaces the existing class-dump tool with a nm tool to obtain the private API in the SDK, so that the detection process is more stable, and the accuracy of detecting the private API is improved.
In view of the above, a first aspect of the present invention provides a method for detecting an application, including:
acquiring an application program to be detected;
extracting a private application programming interface API from the software development kit SDK through a symbol list tool nm;
extracting a target API in the application program to be detected;
and if the target API extracted from the application program to be detected is consistent with the private API extracted from the SDK, determining the target API as the private API of the application program to be detected.
In a second aspect, an embodiment of the present invention further provides a detection apparatus, including:
the acquisition module is used for acquiring the application program to be detected;
the first extraction module is used for extracting a private application programming interface API from the software development kit SDK through a symbol list tool nm;
the second extraction module is used for extracting a target API in the application program to be detected;
and the determining module is used for determining the target API as the private API of the application program to be detected if the target API extracted from the application program to be detected and extracted by the second extracting module is consistent with the private API extracted from the SDK and extracted by the first extracting module.
In a third aspect, an embodiment of the present invention further provides a detection apparatus, including: an input device, an output device, a memory, and a processor;
the processor is used for executing the program in the memory, and specifically comprises the following steps:
controlling the input device to acquire an application program to be detected;
extracting a private application programming interface API from the software development kit SDK through a symbol list tool nm;
extracting a target API from the application program to be detected through the nm tool;
and if the target API extracted from the application program to be detected is consistent with the private API extracted from the SDK, determining the target API as the private API of the application program to be detected.
According to the technical scheme, the embodiment of the invention has the following advantages:
the embodiment of the invention provides an application program detection method, wherein a detection device acquires an application program to be detected, extracts a private application programming interface API from an SDK through a nm tool, extracts a target API in the application program to be detected, and determines the target API as the private API of the application program to be detected if the target API extracted from the application program to be detected is consistent with the extracted private API from the SDK. The detection device replaces the existing class-dump tool with the nm tool to obtain the private API in the SDK, so that the detection process is more stable, and the accuracy of detecting the private API is improved.
Drawings
FIG. 1 is a schematic diagram of an interface display of a system error report in detecting a private API in the prior art;
FIG. 2 is a schematic diagram of an interface display for detecting an application private API failure in the prior art;
FIG. 3 is a diagram of an embodiment of a method for detecting an application according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating extraction of private APIs from a software development kit according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an interface display for downloading an API document in an embodiment of the present invention;
FIG. 6 is a diagram illustrating a list of extracted private APIs in an embodiment of the invention;
FIG. 7 is a diagram illustrating detection of an application calling multiple private APIs in an embodiment of the invention;
FIG. 8 is a diagram illustrating an output interface of a private API test result according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of an embodiment of a detection device in an embodiment of the invention;
FIG. 10 is a schematic diagram of another embodiment of a detecting device in an embodiment of the present invention;
FIG. 11 is a schematic diagram of another embodiment of the detecting device in the embodiment of the present invention;
FIG. 12 is a schematic view of another embodiment of the detecting device in the embodiment of the present invention;
FIG. 13 is a schematic diagram of another embodiment of a detecting device in an embodiment of the present invention;
FIG. 14 is a schematic diagram of another embodiment of a detecting device in an embodiment of the present invention;
FIG. 15 is a schematic diagram of another embodiment of a detecting device in an embodiment of the present invention;
FIG. 16 is a schematic view of another embodiment of the detecting device in the embodiment of the present invention;
FIG. 17 is a schematic structural diagram of a detecting device according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a detection method and a detection device of an application program, the detection device replaces the existing class-dump tool with a nm tool to obtain the private API in the SDK, so that the detection process is more stable, and the accuracy of detecting the private API is improved.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that the embodiment of the present invention can be applied to the operating system developed by Apple (hereinafter referred to as "iOS"), which is mainly used on Apple mobile phones (hereinafter "iPhone"), Apple multimedia players (hereinafter "iPod touch"), and Apple tablet computers (hereinafter "iPad"). The system architecture of iOS is divided into four layers: the core operating system layer, the core services layer, the media layer, and the Cocoa Touch layer. iOS is a very secure system that provides built-in security from the moment the device is turned on. iOS is designed with low-level hardware and firmware functions to protect against malware and viruses, and with high-level operating system (OS) functions to help ensure security when accessing personal information and enterprise data.
In order to ensure the security of user information, in iOS, if a user needs to download an iPhone application file (iPhone Application, hereinafter referred to as "IPA"), the relevant IPA may be selected from the Apple App Store. However, an IPA listed in the Apple App Store must not use private APIs; an application that uses a private API may fail the review and then cannot go online.
The APIs of iOS are classified into four kinds, namely public APIs, documented APIs, private APIs, and unpublished APIs. A private API is an API placed in a private framework (PrivateFramework), and an unpublished API is an API that is placed in the Frameworks but has no record, such as usage instructions or a code introduction, in Apple's official documentation. In Apple's view, an unpublished API is not yet mature and may still change; it becomes a public API once it is fully formed, but for now no commitment is made for it, that is, it may stop working after a system version upgrade. A private API, by contrast, is an API that Apple explicitly says must not be used. Although the two are different, they are similar in how they are used.
Therefore, before an IPA is listed, it is very necessary to detect its private APIs so that it is not forcibly removed from, or refused listing in, the Apple App Store.
Referring to fig. 3, an embodiment of a method for detecting an application according to the embodiment of the present invention includes:
101. acquiring an application program to be detected;
In this embodiment, the detection device obtains the application program to be detected, which may specifically be an IPA. The user triggers a detection instruction so that the terminal uploads the IPA to be detected to the detection device, where the detection device may be a server.
102. Extracting a private application programming interface API from the software development kit SDK through a symbol list tool nm;
In this embodiment, the detection apparatus extracts the private APIs among the APIs in a Software Development Kit (SDK) through the symbol list tool nm.
The nm tool ships with Apple's computer operating system; the nm command displays the symbol list information of a file. The nm command-line tool is bundled with the integrated development tool Xcode, so Xcode needs to be installed before use. The format of the nm command is roughly as follows:
nm [-agnoprumxjlfPA [s segname sectname]] [-] [-t format] [[-arch arch_flag] ...] [file ...]
Without any optional parameter, the nm command lists all the symbols in the specified file, sorted by character by default. If a symbol represents a function written in Objective-C, its name takes the form +-[Class_name(category_name) method:name:].
103. Extracting a target API in the application program to be detected;
In this embodiment, the detection device extracts the target API directly from the binary file in the application to be detected.
It should be noted that, the execution sequence between step 103 and step 102 may be to execute step 102 first and then execute step 103, or execute step 103 first and then execute step 102, or execute step 103 while executing step 102, and thus is not limited here.
104. And if the target API extracted from the application program to be detected is consistent with the private API extracted from the SDK, determining the target API as the private API of the application program to be detected.
In this embodiment, the detection device further determines whether the target API extracted from the application to be detected is consistent with the private API extracted from the SDK by the detection device, and if so, may determine the target API as the private API of the application to be detected.
The embodiment of the invention provides an application program detection method, wherein a detection device acquires an application program to be detected, extracts a private application programming interface API from an SDK through a nm tool, extracts a target API in the application program to be detected, and determines the target API as the private API of the application program to be detected if the target API extracted from the application program to be detected is consistent with the extracted private API from the SDK. The detection device replaces the existing class-dump tool with the nm tool to obtain the private API in the SDK, so that the detection process is more stable, and the accuracy of detecting the private API is improved.
Optionally, on the basis of the embodiment corresponding to fig. 3, in a first optional embodiment of the method for detecting an application program according to the embodiment of the present invention, extracting a private application programming interface API from a software development kit SDK by using a symbol list tool nm may include:
acquiring API from SDK through nm tool;
and judging whether the API meets the preset private API confirmation condition, if so, determining the API as the private API.
In this embodiment, the detection apparatus may extract all APIs from the SDK through the nm tool, and then determine whether the APIs satisfy the preset API validation condition, and determine the APIs that satisfy the preset API validation condition as private APIs.
Specifically, the preset private API confirmation condition may be represented by a formula as follows:
private API = (APIs in the header files generated by nm from the Framework libraries (APIs in the Framework header files = documented APIs + undocumented APIs)) + PrivateFramework APIs - APIs matched by the rules that exclude non-private APIs
The "APIs in the header files generated by nm from the Framework libraries" term is obtained by running the nm tool on the executable file of the IPA: these are the APIs of the IPA executable, and each is usually a purely alphabetic function name beginning with an underscore "_". The APIs in the Framework header files are the APIs that iOS provides for IPAs. A documented API is an API recorded in the document database of the iOS SDK, an undocumented API is an API not recorded in the document database of the iOS SDK, and a PrivateFramework API is an API provided in the file database of the iOS SDK.
Secondly, in the embodiment of the present invention, the step in which the detection device extracts the private API from the SDK through the nm tool may specifically be as follows: the detection device first extracts a target API in the application to be detected, then determines whether the API meets the preset API confirmation condition, and if so, determines that the API is a private API. In this way, the private API detection result of the application to be detected can be obtained. Because the private API confirmation condition is fully taken into account, the range for determining private APIs is narrowed in actual detection and missed detections of private APIs are avoided, which guarantees the accuracy of private API detection, improves detection efficiency, and allows the user to handle the detection result in time.
For convenience of introduction, the following description will be made for the case of using different conditions to determine whether the API satisfies the preset API confirmation condition:
Firstly, the non-private API comprises functions consisting of one letter or two letters;
optionally, on the basis of the first embodiment corresponding to fig. 3 or fig. 3, in a second optional embodiment of the detection method for an application program provided in the embodiment of the present invention, the determining whether the API meets a preset private API confirmation condition may include:
judging whether the API is a function consisting of one letter or two letters;
if the API is a function consisting of one letter or two letters, it is determined that the target API does not satisfy the preset private API-confirmation condition.
In this embodiment, the detecting device determines whether the API meets the preset private API confirmation condition, specifically, it may determine whether the API is a function composed of one letter or two letters, and if so, it indicates that the API does not meet the preset private API confirmation condition.
Specifically, a function composed of a single letter or two letters is a non-private API, and thus an API in this case needs to be excluded when judging whether a preset private API confirmation condition is satisfied. The function composed of single letter can be a C function which is mainly used for obtaining and setting configuration parameters and supporting batch definition, or a B function which is mainly used for executing a certain action, or an F function which is mainly used for reading and saving fast file data and aims at simple type data, character strings and arrays. It should be noted that the function composed of the single letter may also be other functions, and is not limited herein.
The function composed of a single letter belongs to the non-private API, and the function composed of two letters also belongs to the non-private API, and also does not satisfy the preset private API confirmation condition.
In the embodiment of the present invention, it is determined whether the API meets the preset private API confirmation condition, specifically, it is determined whether the API is a function composed of one letter or two letters, and if the API is a function composed of one letter or two letters, it may be determined that the API does not meet the preset private API confirmation condition. By the method, an implementation mode is provided for detecting whether the API meets the preset private API confirmation condition, on one hand, the practicability of the scheme in practical application is improved, and on the other hand, a reliable detection rule and enhanced feasibility of the scheme are provided for the method for determining the private API.
Secondly, the non-private API comprises illegal variables;
optionally, on the basis of the first or second embodiment corresponding to fig. 3 and fig. 3, in a third optional embodiment of the detection method for an application program according to the embodiment of the present invention, determining whether the API meets a preset private API confirmation condition may include:
judging whether the API is a constant or a variable;
and if the API is a constant or a variable, determining that the target API does not meet the preset private API confirmation condition.
In this embodiment, the detecting device determines whether the API meets the preset private API confirmation condition, specifically, the detecting device determines whether the API is a constant or a variable, and if so, it indicates that the API does not meet the preset private API confirmation condition.
Specifically, a constant that begins with the lowercase letter "k" followed by an uppercase letter does not qualify under the private API confirmation condition. It is understood that, in practical applications, other constants or variables may exist, such as a variable containing a space, a variable beginning with a number followed by a letter, or other illegal constants or variables, which are not limited here.
Thirdly, in the embodiment of the present invention, it is determined whether the API meets the preset private API confirmation condition, specifically, it is determined whether the API is a constant or a variable, and if the API is a constant or a variable, it is determined that the API does not meet the preset private API confirmation condition. By the method, whether the API meets the preset private API confirmation condition or not is detected, another feasible method is provided for implementation of the scheme, on one hand, the practicability of the scheme in practical application is improved, and on the other hand, a reliable detection rule is provided for the method for determining the private API, and the feasibility of the scheme is enhanced.
Thirdly, the non-private API comprises a C language library function without class names;
optionally, on the basis of any one of the first to third embodiments corresponding to fig. 3 and fig. 3, in a fourth optional embodiment of the method for detecting an application program according to the embodiment of the present invention, determining whether the API meets a preset private API confirmation condition may include:
judging whether the API belongs to a C language library function without class names;
and if the API belongs to a C language library function without class names, determining that the target API does not meet the preset private API confirmation condition.
In this embodiment, the determining device determines whether the API meets the preset private API confirmation condition, specifically, determines whether the API belongs to a class-name-free C language library function, and if the API belongs to the class-name-free C language library function, determines that the API does not meet the preset private API confirmation condition.
Specifically, a class-name-free C language library function may be a function whose name consists of ordinary lowercase letters and may also contain an underscore "_". Class-name-free C language library functions are generally used to define constants, functioning like #define.
The C language is an introductory programming language. Because the language itself provides no statement for directly computing the sin or cos function, programming would be difficult; the function library, however, provides the sin and cos functions, which can be called directly. Likewise, to display text, no display statement exists in the C language, and only the library function printf can be used. The C library functions are not part of the C language itself; they are a set of programs written and provided with the compiler according to the needs of general users. The C library functions greatly help the user and make up for the shortcomings of the C language. Using library functions when writing a C program can improve both the running efficiency of the program and the quality of the code.
A function library is a collection of functions with certain functions that are built by the system. The name of the function, the corresponding target code and the relocation information required in the connection process are stored in the library, and a user can also establish a user function library according to the requirement of the user. Library functions are functions stored in a library of functions. Library functions have explicit functions, entry call parameters, and return values.
The linker is used to link the object files generated by the compiler together to generate an executable file. And header files are sometimes also referred to as containing files. When a library function is used, a header file corresponding to the function is embedded in the program.
Thirdly, in the embodiment of the present invention, it is determined whether the API meets the preset private API confirmation condition, specifically, it is determined whether the API belongs to a class-name-free C language library function, and if the API belongs to the class-name-free C language library function, it is determined that the API does not meet the preset private API confirmation condition. By the method, whether the API meets the preset private API confirmation condition or not is detected, another feasible method is provided for implementation of the scheme, on one hand, the practicability of the scheme in practical application is improved, and on the other hand, a reliable detection rule is provided for the method for determining the private API, and the feasibility of the scheme is enhanced.
Optionally, on the basis of any one of the first to fourth embodiments corresponding to fig. 3 and fig. 3, in a fifth optional embodiment of the method for detecting an application program according to the embodiment of the present invention, after extracting the private application programming interface API from the software development kit SDK by using the symbol list tool nm, the method may further include:
the private API is stored in the target database.
In this embodiment, after the detection device extracts the private API from the SDK through the nm tool, the extracted private API may be stored in the target database, and if other target APIs are subsequently extracted, the extracted private API may be directly compared with the private API stored in the target database, and then it is determined whether the target API is the private API.
Secondly, in the embodiment of the invention, after the detection device extracts the private API from the SDK through the nm tool, the private API can be directly stored in the target database. Therefore, when the detection device detects the private API of the target API, the private API list is not required to be extracted from the SDK by reusing the nm tool, and the private API stored in the target database is directly adopted for comparison, so that the detection efficiency is improved.
Optionally, on the basis of any one of the first to fifth embodiments corresponding to fig. 3 and fig. 3, in a sixth optional embodiment of the method for detecting an application program provided in the embodiment of the present invention, the method may further include:
when the SDK is updated, extracting the updated private API from the SDK through a nm tool;
storing the updated private API in a target database.
In this embodiment, since the iOS SDK is updated every year and the private APIs may change, after the latest iOS SDK is released the nm tool may be used to automatically extract the private API list of the current latest iOS SDK version according to the preset private API confirmation condition. Referring to fig. 4, which is a schematic diagram of extracting the private APIs in the software development kit according to the embodiment of the present invention: as shown in the figure, the APIs in the document database (docset.dsidx) are obtained first. docset.dsidx is the document database in the iOS SDK and records the documented APIs; the latest version of the API documentation can be selected for download through "Xcode > Preferences > Download > Documentation".
Referring to fig. 5, which is a schematic diagram of an interface display for downloading an API document according to an embodiment of the present invention: a user first starts Xcode, an integrated development environment (IDE) developed by Apple Inc. that runs on the OS X operating system. Xcode is the fastest way to develop OS X and iOS applications. Xcode has a unified user interface design, and coding, testing and debugging are all completed in a single window. Next, "Preferences" is selected in Xcode; "Preferences" is a type of compilable tool. Then "Download" is opened, and the API documentation ("Documentation") is selected for download.
Referring to fig. 6, which is a schematic diagram of a private API list extracted in an embodiment of the present invention: once the private API list is available, when the binary file of an iOS application is detected, the functions used by the iOS application can be compared against the private APIs shown in the private API list. In FIG. 6, API_name is the API name, class_name is the class name, and frame is the framework name.
The target database is an SQLite database, and the SQLite database is an open source embedded database engine written in C language. It supports most of the SQL92 standard and can run on all major operating systems. The SQLite database consists of the following parts: a Structured Query Language (SQL) compiler, a kernel, a backend, and an attachment. The SQLite Database makes debugging, modifying and expanding The kernel of The SQLite Database more convenient by using a Virtual machine and a Virtual Database Engine (The Virtual Database Engine, VDBE). All SQL statements are compiled into a set of programs that are easy to read and can be executed in the SQLite virtual machine.
In the embodiment of the invention, when the SDK is updated, the detection device extracts the private API from the updated SDK through the nm tool, and stores the private API in the target database. The private API in the target database is updated in the mode, the detection device can still guarantee the real-time performance of the private API when detecting the private API and along with the update of the SDK, when the detection device detects whether the API of the application program is the private API again, the detection device can compare the stored private API in the target database, if the API of the application program is consistent with the stored private API, the type of the API can be known without detecting the private API again, so that the detection efficiency is improved, and the practicability of the scheme is enhanced.
Optionally, on the basis of fig. 3 and any one of the first to sixth embodiments corresponding to fig. 3, in a seventh optional embodiment of the method for detecting an application program according to the embodiment of the present invention, if the target API extracted from the application program to be detected is consistent with the private API extracted from the SDK, determining the target API as the private API of the application program to be detected may include:
comparing an API identification carried in a target API extracted from an application program to be detected with an API identification carried in a private API extracted from a target database;
and if the API identification carried by the target API is consistent with the API identification carried by the private API, determining that the target API is the private API of the application program to be detected.
In this embodiment, a specific process of the detection device performing the private API detection on the target API of the application program to be detected may be that the API identifier corresponding to the target API extracted from the application program to be detected is determined first, and in a general case, the API carries the corresponding API identifier.
The specific operation may be that the detection device obtains a binary file of the application to be detected, determines the target API according to a function used by the binary file, and obtains the API identifier of the corresponding target API according to the target API, so that the detection device compares the API identifier of the target API with the API identifier of the private API stored in the target database. The target API and the private API may carry respective corresponding API identities.
When the detection device detects that the API identification of the target API is consistent with the API identification of a private API stored in the target database, the target API of the application to be detected is a private API. It can be understood that consistency between the API identification of the target API and the API identification of a private API stored in the target database indicates that the target API of the application to be detected is consistent with a private API extracted from the SDK, because the target database stores the private API extracted from the SDK, including the private API before and after updating the SDK. The API identification is used to uniquely identify the API.
Further, in the embodiment of the present invention, a specific implementation manner for detecting the private API is provided, that is, the detecting device compares the API identifier carried in the target API extracted from the application program to be detected with the API identifier carried in the private API extracted from the target database, and if the API identifier carried in the target API is consistent with the API identifier carried in the private API, the detecting device determines that the target API is the private API of the application program to be detected. By comparing API identifiers, this scheme can detect whether the target API is a private API, which provides a specific implementation for the scheme and helps improve its practicability and feasibility. At the same time, the above process is comparatively simple, which can improve the detection efficiency of the scheme.
Optionally, on the basis of fig. 3 and any one of the first to seventh embodiments corresponding to fig. 3, in an eighth optional embodiment of the detection method for an application program according to the embodiment of the present invention, the API identification is an API name and a class name;
or, the API identification is an API name, a class name and a framework name;
alternatively, the API identification is an API name and a framework name.
In this embodiment, there may be three common detection rules for detecting the private API, and the following description will be separately described with reference to fig. 6 as an example.
When the API is an API with a class name, both the API name and the class name must match. In the private API list corresponding to fig. 6, API_name is the API name; the API names there may include an area code "regionCode", a storage capacity "storageCapacity", a device level "deviceClass", an operating system version "osVersion", a model number "modelNumber", a production version "productVersion", a serial number, and the like. class_name is the class name; in the private API list corresponding to fig. 6, the APIs with the class name "AADeviceInfo" are private APIs.
If too many API names are present, or the string does not comply with the function name rules, then the framework name must also match. frame is the framework name; in the private API list corresponding to fig. 6, the framework names are all "AppleAccount", which indicates that the Apple account framework is used.
If an API without a class name is present, then a double match of the API name and the framework name must be satisfied.
Thirdly, in the embodiment of the invention, when the API has the class name, the API name and the class name can be adopted for comparison query, if too many API names exist or the character string does not accord with the function name rule, the API name, the class name and the frame name can be adopted for comparison query, and if the API without the class name exists, the API name and the frame name are required to be matched. By the method, the API identification can be flexibly compared according to the attribute of the API, and a reasonable comparison mode is selected for different API identifications, so that the practicability of the scheme is ensured, and the API identification comparison and detection are performed in a targeted manner, which is favorable for improving the detection efficiency of the scheme.
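The following sketch is an added example, not code from the patent: it stores a private API list in SQLite per SDK version and applies the three comparison rules described above. The table layout, the rule that "too many API names" means one name shared by more than three class/framework pairs, the function-name pattern and all "Example..." rows are assumptions made for illustration.

```python
import re
import sqlite3

# Assumed schema: one row per private API, keyed by the three identifiers the
# text names (API name, class name, framework name) plus the SDK version.
SCHEMA = """
CREATE TABLE IF NOT EXISTS private_api (
    sdk_version TEXT NOT NULL,
    api_name    TEXT NOT NULL,
    class_name  TEXT NOT NULL DEFAULT '',  -- '' means "no class name"
    framework   TEXT NOT NULL,
    PRIMARY KEY (sdk_version, api_name, class_name, framework)
);
CREATE INDEX IF NOT EXISTS idx_private_api_name ON private_api (api_name);
"""

# Assumption: a well-formed name is an identifier or an Objective-C selector.
FUNC_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_:]*$")
# Assumption: a name shared by more than this many class/framework pairs is
# "too many" and needs the framework name as a third key.
AMBIGUITY_THRESHOLD = 3


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def store_sdk(conn, sdk_version, rows):
    """Replace the stored list for one SDK version; other versions are kept,
    so APIs from before and after an SDK update stay queryable."""
    with conn:
        conn.execute("DELETE FROM private_api WHERE sdk_version = ?",
                     (sdk_version,))
        conn.executemany(
            "INSERT INTO private_api VALUES (?, ?, ?, ?)",
            [(sdk_version, api, cls or "", fw) for api, cls, fw in rows])


def choose_rule(conn, api_name, class_name):
    """Pick which identifiers must match for this target API."""
    if not class_name:
        return "name+framework"
    (pairs,) = conn.execute(
        "SELECT COUNT(*) FROM (SELECT DISTINCT class_name, framework "
        "FROM private_api WHERE api_name = ?)", (api_name,)).fetchone()
    if pairs > AMBIGUITY_THRESHOLD or not FUNC_NAME_RE.match(api_name):
        return "name+class+framework"
    return "name+class"


def is_private(conn, api_name, class_name=None, framework=None):
    """Return (rule used, whether the target API matches a stored private API)."""
    rule = choose_rule(conn, api_name, class_name)
    sql, params = "SELECT 1 FROM private_api WHERE api_name = ?", [api_name]
    if "class" in rule:
        sql += " AND class_name = ?"
        params.append(class_name)
    if "framework" in rule:
        if framework is None:  # rule needs a framework but none was extracted
            return rule, False
        sql += " AND framework = ?"
        params.append(framework)
    return rule, conn.execute(sql + " LIMIT 1", params).fetchone() is not None


def build_sample_db():
    """Constructed sample data; only the AADeviceInfo names come from the text."""
    conn = open_db()
    names = ["regionCode", "storageCapacity", "deviceClass",
             "osVersion", "modelNumber", "productVersion"]
    rows = [(n, "AADeviceInfo", "AppleAccount") for n in names]
    rows += [("reset", "ExampleClass%d" % i, "ExampleKit%d" % i)
             for i in range(4)]
    rows.append(("ExampleHiddenHelper", None, "ExampleKit0"))
    store_sdk(conn, "sdk-old", rows)
    store_sdk(conn, "sdk-new", rows + [
        ("appleIDClientIdentifier", "AADeviceInfo", "AppleAccount")])
    return conn
```

Calling `store_sdk` again for a version that is already stored replaces only that version's rows, which is the update path the sixth embodiment describes.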
Optionally, on the basis of fig. 3 and any one of the first to eighth embodiments corresponding to fig. 3, in a ninth optional embodiment of the method for detecting an application program according to the embodiment of the present invention, after extracting the target API in the application program to be detected, the method may further include:
detecting whether a target API extracted from an application program to be detected contains a preset character string;
and if the target API comprises the preset character string, deleting the preset character string contained in the target API.
In this embodiment, after the detection device extracts the target API from the application to be detected through the nm tool, it may further detect whether the target API of the application to be detected includes a preset character string. If it does, the preset character string included in the target API needs to be deleted. The preset character string is usually an illegal character string; it may be an illegal character string including "&%", or an illegal character string including "%@", or an illegal character string including "@ &", which is not limited herein.
Specifically, in practical applications, the detection of the private API can be bypassed by string concatenation as follows:
(Figure: code listing showing the string concatenation; the image is not reproduced in this text.)
In actual detection, the function of the target API to be detected should be "appleIDClientIdentifier". Therefore, the character string "%@" present in "appleI%@tIdentifier" is deleted, and "DClien" is spliced back into "appleI%@tIdentifier"; the splicing position is after the sixth letter "I" and before the seventh letter "t". The target API "appleIDClientIdentifier" is obtained after splicing and can be used for subsequent private API detection.
The detection device performs private API detection by using the above method and obtains the related private APIs, as shown in fig. 7, which is a schematic diagram illustrating that an application to be detected calls a plurality of private APIs in the embodiment of the present invention. The detection result is then visually presented in a detection report, as shown in fig. 8, which is a schematic diagram illustrating an output interface of the detection result of the private API in the embodiment of the present invention. When a suspected private API is found, a prompt may be sent to the user, so that the user may perform a self-check.
It can be understood that, at present, there are four ways of splicing the character strings in the API: the first is an API with a class name and containing a character string such as "%@", the second is an API with a class name but not containing a character string such as "%@", the third is an API without a class name and containing a character string such as "%@", and the fourth is an API without a class name and not containing a character string such as "%@", which is not limited herein.
Furthermore, in the embodiment of the present invention, it may be detected that the processing is performed in a manner of string concatenation in order to avoid detection of the private API. After the detection device extracts the target API in the application program to be detected, whether the target API extracted from the application program to be detected contains the preset character string can be detected, and if the target API contains the preset character string, the preset character string contained in the target API is deleted. By adopting the above mode, the target API can be acquired more accurately, the condition that private API detection is bypassed by adding the splicing character string is guaranteed not to occur, so that the target API in the application program to be detected can be detected more comprehensively and meticulously in practical application by the scheme, the practicability and feasibility of the scheme are enhanced, and the reliability of the scheme detection is improved.
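The check described above, as an added example that is not code from the patent: each format string containing "%@" is split at the placeholder, and a private API is reported when its name can be rebuilt from the remaining literal parts plus other strings found in the same binary (the text's case is "appleI%@tIdentifier" with "DClien"). The function name, the minimum-literal threshold and the sample strings are assumptions, and the code generalises the text's single placeholder to any number of placeholders.

```python
import re

PLACEHOLDER = "%@"
# Assumption: templates with fewer literal characters than this (for example a
# bare "%@") are skipped, because they would match almost any API name.
MIN_LITERAL_CHARS = 4


def find_spliced_private_apis(strings, private_names):
    """Report private API names that a binary can assemble at run time.

    strings       -- string literals extracted from the application binary
    private_names -- API names from the private API list
    Returns a list of dicts with the API, the template, the fragments that
    fill the placeholders, and a confidence label:
      "spliced"       every placeholder is filled by a string from the binary
      "template-only" the literal parts fit, but no matching fragment exists
                      in the binary (it may be built or fetched elsewhere)
    """
    pool = sorted({s for s in strings if s and PLACEHOLDER not in s},
                  key=len, reverse=True)
    # One capturing group per placeholder, limited to fragments that really
    # occur in the binary; regex backtracking finds a valid split if any.
    fragment_group = ("(" + "|".join(re.escape(s) for s in pool) + ")"
                      if pool else None)
    findings = []
    for template in sorted({s for s in strings if PLACEHOLDER in s}):
        # Deleting the preset string leaves the literal parts of the name.
        parts = template.split(PLACEHOLDER)
        if sum(len(p) for p in parts) < MIN_LITERAL_CHARS:
            continue
        escaped = [re.escape(p) for p in parts]
        exact = (re.compile(fragment_group.join(escaped))
                 if fragment_group else None)
        loose = re.compile("(.+)".join(escaped))
        for name in sorted(private_names):
            match = exact.fullmatch(name) if exact else None
            if match:
                findings.append({"api": name, "template": template,
                                 "fragments": list(match.groups()),
                                 "confidence": "spliced"})
            elif loose.fullmatch(name):
                findings.append({"api": name, "template": template,
                                 "fragments": [],
                                 "confidence": "template-only"})
    return findings


# Constructed sample input: strings as they might come out of a binary.
SAMPLE_STRINGS = ["appleI%@tIdentifier", "DClien", "Welcome, %@", "%@", "OK"]
SAMPLE_PRIVATE_NAMES = {"appleIDClientIdentifier", "regionCode",
                        "storageCapacity"}
```

A "template-only" finding is the weaker signal: it belongs in the detection report as a suspected private API for the developer's self-check rather than as a confirmed match.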
For convenience of understanding, the following describes in detail a detection method of an application program according to the present invention in a specific application scenario, specifically:
A company needs to bring a newly developed IPA online. In order to prevent the IPA from being rejected for listing, or forcibly removed, by the Apple App Store, the IPA needs to undergo private API detection in advance.
Firstly, a developer uploads IPA to be detected to a server for detecting the private API through a personal computer, after the server obtains the IPA to be detected, the private API list is extracted from the SDK through a nm tool, and specifically, the private API list can be extracted by adopting the following extraction formula:
private API = (APIs in the header files generated by nm from the Framework libraries - (APIs in the Framework header files = documented APIs + uncategorized APIs)) + PrivateFramework APIs - APIs excluded by the rules for non-private APIs
The private API list is obtained according to the private API extraction formula, and the target API is extracted from the IPA to be detected, where the target API is a function spliced from "appleI%@tIdentifier" and "DClien". The server detects that the illegal character string "%@" exists in "appleI%@tIdentifier", deletes the "%@" in "appleI%@tIdentifier" and splices in "DClien" to obtain "appleIDClientIdentifier".
The API name is "appleIDClientIdentifier", the class name is "AADeviceInfo", and the framework name is "AppleAccount". The private API list also contains an entry with the class name "AADeviceInfo", the framework name "AppleAccount" and the API name "appleIDClientIdentifier", so the target API matches a private API in the private API list and is therefore determined to be a private API. The server then requires the developer to process the IPA to be detected further before bringing it online again.
Referring to fig. 9, the detecting device 20 in the embodiment of the present invention includes:
an obtaining module 201, configured to obtain an application to be detected;
a first extraction module 202, configured to extract a private application programming interface API from the software development kit SDK through a symbol list tool nm;
the second extraction module 203 is configured to extract a target API in the application to be detected;
a determining module 204, configured to determine the target API as the private API of the to-be-detected application program if the target API extracted from the to-be-detected application program by the second extracting module 203 is consistent with the private API extracted from the SDK by the first extracting module 202.
In this embodiment, the obtaining module 201 obtains an application to be detected, the first extracting module 202 extracts a private application programming interface API from a software development kit SDK through a symbol list tool nm, and the second extracting module 203 extracts a target API, through the nm tool, from the application to be detected obtained by the obtaining module 201. If the target API extracted from the application to be detected by the second extracting module 203 is consistent with the private API extracted from the SDK by the first extracting module 202, the determining module 204 determines the target API as the private API of the application to be detected.
The embodiment of the invention provides an application program detection method, wherein a detection device acquires an application program to be detected, extracts a private application programming interface API from an SDK through a nm tool, extracts a target API in the application program to be detected, and determines the target API as the private API of the application program to be detected if the target API extracted from the application program to be detected is consistent with the extracted private API from the SDK. The detection device replaces the existing class-dump tool with the nm tool to obtain the private API in the SDK, so that the detection process is more stable, and the accuracy of detecting the private API is improved.
Alternatively, on the basis of the embodiment corresponding to fig. 9, referring to fig. 10, in another embodiment of the detection apparatus provided in the embodiment of the present invention,
the first extraction module 202 includes:
an obtaining unit 2021, configured to obtain an API from the SDK through the nm tool;
a determining unit 2022, configured to determine whether the API acquired by the acquiring unit 2021 meets a preset private API confirmation condition, and if yes, determine that the API is a private API.
Secondly, in the embodiment of the present invention, the step of extracting the API of the private application programming interface from the SDK by the detection device through the nm tool may be specifically that the detection device first extracts a target API in the application to be detected, and then determines whether the API meets a preset API confirmation condition, and if so, determines that the API is the private API. By the method, the private API detection result of the application to be detected can be obtained, the confirmation condition of the private API is fully considered, the range for determining the private API is narrowed in actual detection, the condition that the private API is missed to be detected is avoided, the accuracy of private API detection is guaranteed, the efficiency of detecting the private API is improved, and the private API detection result can be timely processed by a user.
Alternatively, on the basis of the embodiment corresponding to fig. 10, referring to fig. 11, in another embodiment of the detection apparatus provided in the embodiment of the present invention,
the judgment unit 2022 includes:
a first judging subunit 20221, configured to judge whether the API is a function composed of one letter or two letters;
a first determining subunit 20222, configured to determine that the target API does not satisfy the preset private API validation condition if the first determining subunit 20221 determines that the API is a function composed of one or two letters.
In the embodiment of the present invention, it is determined whether the API meets the preset private API confirmation condition, specifically, it is determined whether the API is a function composed of one letter or two letters, and if the API is a function composed of one letter or two letters, it may be determined that the API does not meet the preset private API confirmation condition. By the method, an implementation mode is provided for detecting whether the API meets the preset private API confirmation condition, on one hand, the practicability of the scheme in practical application is improved, and on the other hand, a reliable detection rule and enhanced feasibility of the scheme are provided for the method for determining the private API.
Alternatively, referring to fig. 12 on the basis of the embodiment corresponding to fig. 10, in another embodiment of the detection apparatus provided in the embodiment of the present invention,
the judgment unit 2022 includes:
a second judging subunit 20223, configured to judge whether the API is a constant or a variable;
a second determining subunit 20224, configured to determine that the target API does not satisfy the preset private API validation condition if the API is determined to be the constant or the variable by the second determining subunit 20223.
Thirdly, in the embodiment of the present invention, it is determined whether the API meets the preset private API confirmation condition, specifically, it is determined whether the API is a constant or a variable, and if the API is a constant or a variable, it is determined that the API does not meet the preset private API confirmation condition. By the method, whether the API meets the preset private API confirmation condition or not is detected, another feasible method is provided for implementation of the scheme, on one hand, the practicability of the scheme in practical application is improved, and on the other hand, a reliable detection rule is provided for the method for determining the private API, and the feasibility of the scheme is enhanced.
Alternatively, referring to fig. 12 on the basis of the embodiment corresponding to fig. 10, in another embodiment of the detection apparatus provided in the embodiment of the present invention,
the judgment unit 2022 includes:
a third judging subunit 20225, configured to judge whether the API belongs to a class-name-free C language library function;
a third determining subunit 20226, configured to determine that the target API does not meet the preset private API validation condition if the third judging subunit 20225 determines that the API belongs to a class-name-free C language library function.
Thirdly, in the embodiment of the present invention, it is determined whether the API meets the preset private API confirmation condition, specifically, it is determined whether the API belongs to a class-name-free C language library function, and if the API belongs to the class-name-free C language library function, it is determined that the API does not meet the preset private API confirmation condition. By the method, whether the API meets the preset private API confirmation condition or not is detected, another feasible method is provided for implementation of the scheme, on one hand, the practicability of the scheme in practical application is improved, and on the other hand, a reliable detection rule is provided for the method for determining the private API, and the feasibility of the scheme is enhanced.
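The three exclusion rules handled by the judging subunits above (one- or two-letter functions, constants or variables, class-name-free C library functions), applied to nm symbol output, as an added example that is not code from the patent. Treating data-section symbol types as "constant or variable", the short C library list and the sample nm lines are assumptions made for illustration.

```python
import re

# One line of nm output: optional hex address, a one-letter symbol type, name.
NM_LINE_RE = re.compile(
    r"^(?P<addr>[0-9A-Fa-f]+)?\s+(?P<type>[A-Za-z])\s+(?P<name>\S.*)$")
# Objective-C method symbol: -[Class selector] or +[Class selector].
OBJC_METHOD_RE = re.compile(r"^[-+]\[(?P<cls>[^\s\]]+) (?P<sel>[^\]]+)\]$")

# Assumption: symbols in data, bss, common or other non-text sections are the
# "constants or variables" that the second rule excludes.
DATA_SYMBOL_TYPES = set("BbCcDdSs")
# Assumption: a short constructed list; a real deployment would load the full
# set of C library function names.
C_LIBRARY_FUNCTIONS = {"malloc", "free", "memcpy", "strlen", "printf"}


def filter_nm_output(nm_text):
    """Split nm symbols into private-API candidates and rejected symbols.

    Returns (candidates, rejected):
      candidates -- list of (api_name, class_name or None)
      rejected   -- list of (api_name, reason)
    """
    candidates, rejected = [], []
    for line in nm_text.splitlines():
        match = NM_LINE_RE.match(line.rstrip())
        if not match:
            continue  # blank lines, archive member headers, etc.
        sym_type, symbol = match.group("type"), match.group("name")
        objc = OBJC_METHOD_RE.match(symbol)
        if objc:
            api_name, class_name = objc.group("sel"), objc.group("cls")
        else:
            # Mach-O C symbols carry one leading underscore.
            api_name = symbol[1:] if symbol.startswith("_") else symbol
            class_name = None

        if sym_type in DATA_SYMBOL_TYPES:
            rejected.append((api_name, "constant-or-variable"))
        elif len(api_name) <= 2 and api_name.isalpha():
            rejected.append((api_name, "one-or-two-letter-name"))
        elif class_name is None and api_name in C_LIBRARY_FUNCTIONS:
            rejected.append((api_name, "c-library-function"))
        else:
            candidates.append((api_name, class_name))
    return candidates, rejected


# Constructed sample in the layout nm prints for a Mach-O library.
SAMPLE_NM_OUTPUT = """\
0000000000001f40 t -[AADeviceInfo regionCode]
0000000000001f80 t -[AADeviceInfo osVersion]
0000000000002000 t -[AADeviceInfo x]
0000000000004010 S _OBJC_CLASS_$_AADeviceInfo
0000000000004100 D _exampleGlobalCounter
                 U _strlen
0000000000002100 T _ExampleHiddenHelper
0000000000002140 T _ab
"""
```

Symbols that survive these rules are only candidates; the extraction formula still subtracts the APIs found in the framework header files before a name enters the private API list.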
Alternatively, on the basis of the embodiment corresponding to fig. 9, referring to fig. 13, in another embodiment of the detection apparatus provided in the embodiment of the present invention,
the detection device 20 further comprises:
the first storage module 205 is configured to store the private API in the target database after the first extraction module 202 extracts the private API from the software development kit SDK through the symbol list tool nm.
Secondly, in the embodiment of the invention, after the detection device extracts the private API from the SDK through the nm tool, the private API can be directly stored in the target database. Therefore, when the detection device detects the private API of the target API, the private API list is not required to be extracted from the SDK by reusing the nm tool, and the private API stored in the target database is directly adopted for comparison, so that the detection efficiency is improved.
Alternatively, on the basis of the embodiment corresponding to fig. 13, referring to fig. 14, in another embodiment of the detection apparatus provided in the embodiment of the present invention,
the detection device 20 further comprises:
a third extracting module 206, configured to, when the SDK is updated, extract an updated private API from the SDK through the nm tool;
a second storage module 207, configured to store the updated private API extracted by the third extraction module 206 in a target database.
In the embodiment of the invention, when the SDK is updated, the detection device extracts the private API from the updated SDK through the nm tool and stores the private API in the target database. The private API in the target database is updated in this way, so that the detection device can still guarantee the real-time performance of the private API as the SDK is updated. When the detection device again detects whether an API of the application program is a private API, it can compare that API with the private API stored in the target database; if the API of the application program is consistent with a stored private API, the type of the API is known without extracting the private API again, so that the detection efficiency is improved and the practicability of the scheme is enhanced.
Alternatively, on the basis of the embodiment corresponding to any one of fig. 9 to 14, referring to fig. 15, in another embodiment of the detection apparatus provided in the embodiment of the present invention,
the determining module 204 includes:
a comparing unit 2041, configured to compare the API identifier carried in the target API extracted from the application program to be detected with the API identifier carried in the private API extracted from the target database;
a determining unit 2042, configured to determine that the target API is the private API of the application program to be detected if the comparing unit 2041 finds that the API identifier carried by the target API and the API identifier carried by the private API are consistent.
Further, in the embodiment of the present invention, a specific implementation manner for detecting the private API is provided, that is, the detecting device compares the API identifier carried in the target API extracted from the application program to be detected with the API identifier carried in the private API extracted from the target database, and if the API identifier carried in the target API is consistent with the API identifier carried in the private API, the detecting device determines that the target API is the private API of the application program to be detected. By comparing API identifiers, this scheme can detect whether the target API is a private API, which provides a specific implementation for the scheme and helps improve its practicability and feasibility. At the same time, the above process is comparatively simple, which can improve the detection efficiency of the scheme.
Alternatively, on the basis of the embodiment corresponding to fig. 15, in another embodiment of the detection apparatus provided in the embodiment of the present invention,
the API identification is an API name and a class name;
or, the API identification is an API name, a class name and a framework name;
or, the API identification is an API name and a framework name.
Thirdly, in the embodiment of the invention, when the API has the class name, the API name and the class name can be adopted for comparison query, if too many API names exist or the character string does not accord with the function name rule, the API name, the class name and the frame name can be adopted for comparison query, and if the API without the class name exists, the API name and the frame name are required to be matched. By the method, the API identification can be flexibly compared according to the attribute of the API, and a reasonable comparison mode is selected for different API identifications, so that the practicability of the scheme is ensured, and the API identification comparison and detection are performed in a targeted manner, which is favorable for improving the detection efficiency of the scheme.
Alternatively, on the basis of the embodiment corresponding to fig. 9, referring to fig. 16, in another embodiment of the detection apparatus provided in the embodiment of the present invention,
a detection module 208, configured to detect whether the target API extracted from the application to be detected includes a preset character string after the second extraction module 203 extracts the target API from the application to be detected through the nm tool;
a deleting module 209, configured to delete the preset character string included in the target API if the target API detected by the detecting module 208 includes the preset character string.
Furthermore, in the embodiment of the present invention, it may be detected that the processing is performed in a manner of string concatenation in order to avoid detection of the private API. After the detection device extracts the target API in the application program to be detected, whether the target API extracted from the application program to be detected contains the preset character string can be detected, and if the target API contains the preset character string, the preset character string contained in the target API is deleted. By adopting the above mode, the target API can be acquired more accurately, the condition that private API detection is bypassed by adding the splicing character string is guaranteed not to occur, so that the target API in the application program to be detected can be detected more comprehensively and meticulously in practical application by the scheme, the practicability and feasibility of the scheme are enhanced, and the reliability of the scheme detection is improved.
Fig. 17 is a schematic structural diagram of a detection apparatus 300 according to an embodiment of the present invention, wherein the detection apparatus 300 may have a relatively large difference due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 322 (e.g., one or more processors) and a memory 332, and one or more storage media 330 (e.g., one or more mass storage devices) for storing applications 342 or data 344. Memory 332 and storage media 330 may be, among other things, transient storage or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 322 may be configured to communicate with the storage medium 330, and execute a series of instruction operations in the storage medium 330 on the program detecting device 300.
The detection device 300 may also include one or more power supplies 326, one or more wired or wireless network connections 350, one or more input-output interfaces 358, and/or one or more operating systems 341, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, and the like.
The steps performed by the program detecting means in the above-described embodiment may be based on the detecting means structure shown in fig. 17.
The central processing unit 322 is configured to execute the program in the memory, and specifically includes the following steps:
controlling the input/output interface 358 to acquire an application program to be detected;
extracting a private application programming interface API from the software development kit SDK through a symbol list tool nm;
extracting a target API in an application program to be detected;
and if the target API extracted from the application program to be detected is consistent with the private API extracted from the SDK, determining the target API as the private API of the application program to be detected.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative: the division of the units is only one logical division, and other divisions may be used in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a program detection device, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (20)

1. A method for detecting an application program, comprising:
acquiring an application program to be detected;
acquiring API from SDK through nm tool;
judging whether the API meets preset private API confirmation conditions or not, if so, determining the API to be a private API, wherein the preset private API confirmation conditions comprise:
private API = (APIs in the header files generated from the Framework libraries by nm − (APIs in the Framework header files = documented APIs + undocumented APIs)) + PrivateFramework APIs − APIs removed by the rules for excluding non-private APIs;
extracting a target API in the application program to be detected;
and if the target API extracted from the application program to be detected is consistent with the private API extracted from the SDK, determining the target API as the private API of the application program to be detected.
2. The method of claim 1, wherein the determining whether the API meets a preset private API validation condition comprises:
judging whether the API is a function consisting of one letter or two letters;
and if the API is a function consisting of the letter or the two letters, determining that the target API does not meet the preset private API confirmation condition.
3. The method of claim 1, wherein the determining whether the API meets a preset private API validation condition comprises:
judging whether the API is a constant or a variable;
and if the API is the constant or the variable, determining that the target API does not meet the preset private API confirmation condition.
4. The method of claim 1, wherein the determining whether the API meets a preset private API validation condition comprises:
judging whether the API belongs to a C language library function without class names;
and if the API belongs to the class name-free C language library function, determining that the target API does not meet the preset private API confirmation condition.
5. The method of claim 1, wherein after extracting the private application programming interface API from the software development kit SDK by the symbol list tool nm, the method further comprises:
storing the private API in a target database.
6. The method of claim 5, further comprising:
when the SDK is updated, extracting the updated private API from the SDK through the nm tool;
and storing the updated private API in a target database.
7. The method according to any one of claims 1 to 6, wherein if the target API extracted from the application to be detected is consistent with the extracted private API in the SDK, determining the target API as the private API of the application to be detected, includes:
comparing the API identification carried in the target API extracted from the application program to be detected with the API identification carried in the private API extracted from the target database;
and if the API identification carried by the target API is consistent with the API identification carried by the private API, determining that the target API is the private API of the application program to be detected.
8. The method of claim 7,
the API identification is an API name and a class name;
or, the API identification is an API name, a class name and a framework name;
or, the API identification is an API name and a framework name.
9. The method according to claim 1, wherein after the extracting the target API in the application to be detected, the method further comprises:
detecting whether the target API extracted from the application program to be detected contains a preset character string or not;
and if the target API comprises the preset character string, deleting the preset character string contained in the target API.
10. A detection device, comprising:
the acquisition module is used for acquiring the application program to be detected;
the first extraction module includes: an acquisition unit and a judgment unit;
the obtaining unit is used for obtaining the API from the SDK through the nm tool;
the judging unit is configured to judge whether the API meets a preset private API confirmation condition, and if yes, determine that the API is a private API, where the preset private API confirmation condition includes:
private API = (APIs in the header files generated from the Framework libraries by nm − (APIs in the Framework header files = documented APIs + undocumented APIs)) + PrivateFramework APIs − APIs removed by the rules for excluding non-private APIs;
the second extraction module is used for extracting a target API in the application program to be detected;
and the determining module is used for determining the target API as the private API of the application program to be detected if the target API extracted from the application program to be detected and extracted by the second extracting module is consistent with the private API extracted from the SDK and extracted by the first extracting module.
11. The detection apparatus according to claim 10, wherein the judgment unit includes:
the first judgment subunit is used for judging whether the API is a function consisting of one letter or two letters;
and the first determining subunit is configured to determine that the target API does not satisfy the preset private API confirmation condition if the API determined by the first determining subunit is a function consisting of one or two letters.
12. The detection apparatus according to claim 10, wherein the judgment unit includes:
the second judgment subunit is used for judging whether the API is a constant or a variable;
a second determining subunit, configured to determine that the target API does not satisfy the preset private API validation condition if the API determined by the second determining subunit is the constant or the variable.
13. The detection apparatus according to claim 10, wherein the judgment unit includes:
the third judging subunit is used for judging whether the API belongs to a C language library function without class names;
a third determining subunit, configured to determine that the target API does not satisfy the preset private API validation condition if the API determined by the third determining subunit is the C language library function without the class name.
14. The detection device according to claim 10, further comprising:
the first storage module is used for storing the private API in a target database after the first extraction module extracts the private API from the SDK through a symbol list tool nm.
15. The detection device according to claim 14, further comprising:
a third extraction module, configured to, when the SDK is updated, extract an updated private API from the SDK through the nm tool;
and the second storage module is used for storing the updated private API extracted by the third extraction module in a target database.
16. The detection apparatus according to any one of claims 10 to 15, wherein the determination module comprises:
a comparison unit, configured to compare the API identifier carried in the target API extracted from the application program to be detected with the API identifier carried in the private API extracted from the target database;
and the determining unit is used for determining that the target API is the private API of the application program to be detected if the API identifier carried by the target API is consistent with the API identifier carried by the private API obtained by comparison of the comparing unit.
17. The detection apparatus according to claim 16,
the API identification is an API name and a class name;
or, the API identification is an API name, a class name and a framework name;
or, the API identification is an API name and a framework name.
18. The detection apparatus according to claim 10,
the detection module is used for detecting whether the target API extracted from the application program to be detected contains a preset character string after the target API in the application program to be detected is extracted by the second extraction module;
and the deleting module is used for deleting the preset character string contained in the target API if the target API contains the preset character string detected by the detecting module.
19. A detection device, comprising: an input device, an output device, a memory, and a processor;
the processor is used for executing the program in the memory, and specifically comprises the following steps:
controlling the input device to acquire an application program to be detected;
extracting a private application programming interface API from the software development kit SDK through a symbol list tool nm;
extracting a target API in the application program to be detected;
and if the target API extracted from the application program to be detected is consistent with the private API extracted from the SDK, determining the target API as the private API of the application program to be detected.
20. A computer-readable storage medium, characterized in that the storage medium has stored therein a computer program for executing the method for detecting an application program according to any one of claims 1 to 9.
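
The detection flow recited in claims 1 to 8, as an added sketch that is not part of the patent text: it parses nm output, applies the three exclusion rules, builds the private-API database from the confirmation condition, and matches an application's target APIs by class name and API name. All framework, class and selector names and the nm lines are constructed samples; treating text-section symbols (`T`/`t`) as functions and receiving the application's target APIs as already-extracted pairs are assumptions.

```python
import re

# nm prints Objective-C methods as "-[Class selector]" or "+[Class(Category) selector]".
OBJC_METHOD = re.compile(r"^[+-]\[([^\s(\]]+)(?:\([^)]*\))? ([^\s\]]+)\]$")
CODE_TYPES = {"T", "t"}  # assumption: text-section symbols are functions/methods


def parse_nm(nm_text):
    """Return the (class, selector) pairs in nm output that pass the exclusion rules."""
    apis = set()
    for line in nm_text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) != 3:                  # undefined symbols ("U _x") have no address
            continue
        _addr, sym_type, name = parts
        if sym_type not in CODE_TYPES:       # rule: constants and variables are excluded
            continue
        match = OBJC_METHOD.match(name)
        if match is None:                    # rule: C functions carry no class name
            continue
        cls, selector = match.groups()
        if len(selector.rstrip(":")) <= 2:   # rule: one- or two-letter function names
            continue
        apis.add((cls, selector))
    return apis


def build_private_db(framework_nm, public_header_apis, private_framework_nm):
    """Map (class, selector) -> framework: (nm APIs - header APIs) + PrivateFramework APIs."""
    db = {}
    for framework, nm_text in framework_nm.items():
        for api in parse_nm(nm_text) - public_header_apis:
            db[api] = framework
    for framework, nm_text in private_framework_nm.items():
        for api in parse_nm(nm_text):
            db[api] = framework
    return db


def detect(target_apis, db):
    """Return sorted (framework, class, selector) for target APIs found in the database."""
    return sorted((db[api], api[0], api[1]) for api in set(target_apis) if api in db)


# Constructed sample inputs (not real nm output or real framework contents).
DEMOKIT_NM = """\
0000000000001000 t -[DemoView _viewDelegate]
0000000000001040 t -[DemoView setNeedsLayout]
0000000000001080 t -[DemoView(Hidden) _recursiveDescription]
00000000000010c0 t -[DemoView ok]
0000000000001100 T _DemoApplicationMain
0000000000002000 S _DemoKeyboardWillShowNotification
                 U _objc_msgSend
"""
PRIVATEKIT_NM = "0000000000003000 t +[DemoTelemetry sharedInstance]\n"
PUBLIC_HEADER_APIS = {("DemoView", "setNeedsLayout")}
APP_TARGET_APIS = [("DemoView", "_viewDelegate"), ("DemoView", "setNeedsLayout"),
                   ("DemoTelemetry", "sharedInstance"), ("AppDelegate", "window")]

DB = build_private_db({"DemoKit": DEMOKIT_NM}, PUBLIC_HEADER_APIS,
                      {"DemoPrivateKit": PRIVATEKIT_NM})
HITS = detect(APP_TARGET_APIS, DB)
print(HITS)
```

Keying the database on the class name and API name together keeps a selector that is public on one class from being reported when the same selector is private on another.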
CN201610293162.8A 2016-05-05 2016-05-05 Application program detection method and detection device Active CN107346284B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610293162.8A CN107346284B (en) 2016-05-05 2016-05-05 Application program detection method and detection device

Publications (2)

Publication Number Publication Date
CN107346284A CN107346284A (en) 2017-11-14
CN107346284B true CN107346284B (en) 2020-10-27

Family

ID=60253752

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610293162.8A Active CN107346284B (en) 2016-05-05 2016-05-05 Application program detection method and detection device

Country Status (1)

Country Link
CN (1) CN107346284B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107943484B (en) * 2017-11-30 2021-04-06 广州酷狗计算机科技有限公司 Method and device for executing business function
CN109962933B (en) * 2017-12-14 2023-08-18 三六零科技集团有限公司 SDK updating method, embedded SDK, server and updating system
CN108363671B (en) * 2018-02-07 2020-01-14 中国平安人寿保险股份有限公司 Interface switching method, terminal equipment and storage medium
CN109656809A (en) * 2018-11-07 2019-04-19 北京奇艺世纪科技有限公司 A kind of application programming interfaces detection method, device and computer readable storage medium
CN109726122A (en) * 2018-12-13 2019-05-07 平安普惠企业管理有限公司 Privately owned API detection method, device, computer equipment and storage medium
CN110059485A (en) * 2019-03-16 2019-07-26 平安城市建设科技(深圳)有限公司 Privately owned API detection method, terminal and the storage medium of IOS application
CN111026435A (en) * 2019-11-29 2020-04-17 北京奇艺世纪科技有限公司 Method, device, equipment and storage medium for detecting application program private interface
CN113821797A (en) * 2020-06-18 2021-12-21 中国电信股份有限公司 Security detection method and device for software development kit and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104424022A (en) * 2013-08-30 2015-03-18 腾讯科技(深圳)有限公司 Screen recording method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2535175C2 (en) * 2012-12-25 2014-12-10 Закрытое акционерное общество "Лаборатория Касперского" System and method for detecting malware by creating isolated environment

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
apem. Summary of iOS private API scanning work. 《https://www.cnblogs.com/apem/p/5380268.html》. 2016, *
Summary of iOS private API scanning work; apem; 《https://www.cnblogs.com/apem/p/5380268.html》; 20160411; page 3 *
Bypass test of the latest version of Website Safedog; 梧桐雨; 《http://www.91ri.org/11138.html》; 20141023; page 2 *

Also Published As

Publication number Publication date
CN107346284A (en) 2017-11-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant